WRT1200ac running OpenWrt 18.06.1
We run a WireGuard VPN (wireguard.com); however, we suffer from individual device DNS leaks as some users have Google DNS or 1.1.1.1 etc.
I want ALL devices to use the VPN's DNS servers regardless of whether a custom DNS is selected on, say, an iPhone.
Is it possible to bypass device DNS and direct the DNS requests through the tunnel?
How could I do this?
Possible if you use the firewall to force all outgoing packets to port 53 to get hijacked into the local resolver (your router), which then forwards the query into the tunnel, so that no device can directly send DNS queries outside.
The adblock package contains an option for that functionality.
Or you can craft the necessary iptables rules yourself.
You have two pre-defined zones called 'lan' and 'wan'. Similarly you could define your wireguard interfaces as the 'vpn' zone which you can then use to firewall VPN traffic.
My advice is to stop blindly following step by step guides and instead try to learn the different involved components. That way you can implement your needs and actually be able to troubleshoot if there's a problem.
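Putting the two answers together (the port-53 hijack from the first reply and the 'vpn' zone from the second), here is an added example script for OpenWrt 18.06's fw3/UCI; it is not from either poster. It assumes a WireGuard interface named `wg0` and a VPN-side resolver at `10.64.0.1` (both placeholders), and prints the `uci` commands instead of running them when not on a router or when `DRY_RUN=1`.

```shell
#!/bin/sh
# Added example, not from the thread. Forces every LAN client's plain
# port-53 DNS through the router's dnsmasq, which resolves only via the
# WireGuard tunnel. Targets OpenWrt 18.06 (fw3 + UCI).
# Assumed placeholders: WireGuard interface 'wg0', VPN resolver 10.64.0.1.
WG_IFACE="${WG_IFACE:-wg0}"
VPN_DNS="${VPN_DNS:-10.64.0.1}"

on_router() { [ -z "$DRY_RUN" ] && command -v uci >/dev/null 2>&1; }

# Run uci on the router; elsewhere (or with DRY_RUN=1) print the command instead.
uci_cmd() {
    if on_router; then uci "$@"; return; fi
    printf 'uci'; for a in "$@"; do printf " '%s'" "$a"; done; printf '\n'
}

# 1. Give the tunnel its own 'vpn' zone and allow lan -> vpn forwarding.
configure_vpn_zone() {
    uci_cmd set firewall.vpn=zone
    uci_cmd set firewall.vpn.name=vpn
    uci_cmd set firewall.vpn.input=REJECT
    uci_cmd set firewall.vpn.output=ACCEPT
    uci_cmd set firewall.vpn.forward=REJECT
    uci_cmd set firewall.vpn.masq=1
    uci_cmd add_list firewall.vpn.network="$WG_IFACE"
    uci_cmd set firewall.lan_vpn=forwarding
    uci_cmd set firewall.lan_vpn.src=lan
    uci_cmd set firewall.lan_vpn.dest=vpn
}

# 2. DNAT every lan packet to port 53 (udp and tcp) to the router itself,
#    whatever resolver the client configured. With no dest_ip set, fw3
#    targets the router's own address on the zone.
configure_dns_redirect() {
    uci_cmd set firewall.force_dns=redirect
    uci_cmd set firewall.force_dns.name=Force-DNS-to-router
    uci_cmd set firewall.force_dns.src=lan
    uci_cmd set firewall.force_dns.src_dport=53
    uci_cmd set firewall.force_dns.proto='tcp udp'
    uci_cmd set firewall.force_dns.target=DNAT
}

# 3. Make dnsmasq use only the VPN resolver, ignoring WAN-supplied servers.
configure_dnsmasq_upstream() {
    uci_cmd set 'dhcp.@dnsmasq[0].noresolv=1'
    uci_cmd add_list "dhcp.@dnsmasq[0].server=$VPN_DNS"
}

apply_all() {
    configure_vpn_zone; configure_dns_redirect; configure_dnsmasq_upstream
    uci_cmd commit firewall; uci_cmd commit dhcp
    on_router && { /etc/init.d/firewall restart; /etc/init.d/dnsmasq restart; }
    return 0
}
```

Run `apply_all` on the router to apply it; note the redirect only catches plaintext port-53 queries, so a client configured for DNS over HTTPS or TLS still needs to be handled separately.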